Device Lock
Transcript of Device Lock
-
7/31/2019 Device Lock
1/8
Why Consider An
Endpoint DLP Solution?The data you are striving to protect behind firewalls and
passwords is likely still slipping through your fingers.
Data leaks can be initiated by either unwitting employees
or users with malicious intent who copy proprietary or
sensitive information from their PCs to flash memory
sticks, smartphones, cameras, PDAs, DVD/CDROMs, or
other convenient forms of portable storage. Or, leaks may
spring from user emails, instant messages, web forms, social
network exchanges or telnet sessions. Wireless endpoint
interfaces like Wi-Fi, Bluetooth, and Infrared as well as device
synchronization channels provide additional avenues for data
loss. Likewise, endpoint PCs can be infected with vicious
malware that harvest user keystrokes and send the stolen data
over SMTP or FTP channels into criminal hands. While these
threat vectors can evade conventional network security solutions
and native Windows controls, the DeviceLock Endpoint Data
Leak Prevention (DLP) Suite addresses them. It enforces data
protection policies with awareness of both the context and
content of data flows across endpoint channels where leaks can
otherwise occur.
ENDPOINT DATA LEAK PREVENTION SUITE
FOR PROTECTING SENSITIVE INFORMATION
ENDPOINT DATA LEAK PREVENTION SUITE
FOR PROTECTING SENSITIVE INFORMATION
DeviceLock
-
7/31/2019 Device Lock
2/8
u
The most efficient approach to data leakage prevention
is to start with contextual control that is, blocking or
allowing data flows by recognizing the user, the data types,
the interface, the device or network protocol, the flow
direction, the state of encryption, the date and time, etc.Some scenarios call for a deeper level of awareness
than context alone can provide; for example, when the data
being handled contains personally identifiable information,
when the input/output channel is conventionally open and
uncontrolled, and when the users involved have situations or
backgrounds considered "high risk." Security administrators
can gain greater peace of mind by passing data flows that fall
into any of these categories through an additional content
analysis and filtering step before allowing the data transfer to
complete.
DeviceLock Endpoint DLP Suite provides both
contextual and content-based control for maximum leakage
prevention at minimum upfront and ownership cost. Its
multi-layered inspection and interception engine provides
fine-grained control over a full range of data leakage
pathways at the context level. For further confidence that no
sensitive data is escaping, content analysis and filtering can
be applied to select endpoint data exchanges with removable
media and Plug-n-Play devices, as well as with network
communications.
With DeviceLock, security administrators can precisely
match user rights to job function with regard to transferring,
receiving and storing data on media attached to corporate
computers. The resulting secure computing environment
allows all legitimate user actions to proceed unimpeded while
blocking any accidental or deliberate attempts to perform
operations outside of preset bounds. DeviceLock supports
a straightforward approach to DLP management that allows
security administrators to use Microsoft Windows ActiveDirectory Group Policy Objects (GPOs) and DeviceLock
consoles for dynamically managing distributed endpoint
agents that enforce centrally defined DLP policies locally on
their host computers.
With DeviceLock in place, you can centrally control,
log, shadow-copy, and analyze end-user access to, and
data transfers through, all types of peripheral devices and
ports, as well as network communications on corporate
computers. In addition, its agents detect and block hardware
keyloggers to prevent their use in the theft of passwords
and other proprietary or personal information. Importantly,
DeviceLock does all this while consuming a minimum of
disk space and memory, remaining as transparent as desired
to the end users, and while running in tamper-proof mode.
With its fine-grained endpoint contextual controls
complemented by content filtering for the most vulnerable
data channels, DeviceLock Endpoint DLP Suite significantly
reduces the risk of sensitive information leaking from
employees computers, whether due to simple negligence
or malicious intent. At the same time, it acts as a security
platform that enforces stated data protection policies and
promotes compliance with corporate information handling
rules, as well as legal mandates like HIPAA, Sarbanes-Oxley,
and PCI DSS.
Endpoint DLP With Context & Content Awareness
NetworkLock
DeviceLock
Network Channel
Removable Media
Local Syncs
Printing Channel
ContentLock
CorporateData
Who What When How Where to What content
Core DeviceLock functionality enforces device access policy by port (interface), device class,device type, device model, unique device ID, hour-of-day, day-of-the-week, as well as bydiscrete access parameters such as write, read-only, and format. Device types can be configured
to only allow access to verified file types and to adhere to enforced use-of-encryption rules.NetworkLock extends the ability to control the context of data communications to networkprotocols and applications. ContentLock provides advanced content filtering rules across thedata channels that DeviceLock and NetworkLock manage.
DeviceLock
-
7/31/2019 Device Lock
3/8
Grou
pPoli
cies
Active Directory
Domain Controller
Network
DeviceLock Service
iPhone/iPadPalmBlackBerry
Windows Mobile
WiFi
IrDABluetooth
USBFireWire
Clipboard
Social Network
WebmailE-mail (SMTP)
HTTP/HTTPS
FTP/FTPSTelnet
Instant Messenger
Printer
CD/DVD/BD
Memory Card
Modular Structure and LicensingDeviceLock Endpoint DLP Suite is comprised of a modular
set of complementary function-specific components that can be
licensed separately or in any combination that meets current
security requirements. Existing customers have a secure upgrade
path for DeviceLock functionality and the option to expandendpoint security with their choice of new modules. Likewise, new
customers can incrementally move up to full-featured endpoint DLP
by adding functionality as it is needed and budgets allow.
u The DeviceLock component includes an entire set of
context controls together with event logging and data shadowing
for all local data channels on protected computers. These include
peripheral devices and ports, connected smartphones/PDAs, and
document printing. DeviceLock provides the core platform, central
management and all administrative components for the other
functional modules of the product suite.
u The pre-integrated NetworkLock component provides
contextual control functions over network communications with
port-independent protocol/application detection and selectivecontrol, message and session reconstruction with file, data, and
parameter extraction, as well as event logging and data shadowing.
u The pre-integrated ContentLock component implements
content monitoring and filtering of files transferred to and from
removable media and Plug-n-Play devices, as well as of various
data objects from network communications that are reconstructed
and passed to it by NetworkLock. These include emails, instant
messages, web forms, attachments, social media exchanges, file
transfers, and telnet sessions.u DeviceLock Search Server (DLSS) is another separately
licensed component that performs full text searches on data in
the central shadowing and event log database. DLSS is designed
to make the labor-intensive processes of information security
compliance auditing, incident investigations, and forensic analysis
more precise, convenient and time-efficient.
The core DeviceLock component is mandatory for every
product installation. All other modules, including NetworkLock,
ContentLock, and DeviceLock Search Server, are separately
licensed, optional and pre-integrated add-ons. This modular
product structure and flexible licensing scheme enable DeviceLock
customers to cost-effectively deploy endpoint DLP features in
stages. They can start with the essential set of port and devicecontrol functions incorporated in the core component and
then incrementally add new function-specific module licenses
to activate additional capabilities as security and compliance
requirements grow.
Enterprises can secure any number of remote endpoints with DeviceLock Endpoint DLP Suite by leveragingits integration with Active Directory and the Windows Group Policy Management Console. NOTE: For a fulllist of network data channels protected by NetworkLock, refer to the Product Specifications section.
u
-
7/31/2019 Device Lock
4/8
Active Directory Group Policy Integration.DeviceLocks most popular console integrates directly
with the Microsoft Management Console (MMC) Active
Directory (AD) Group Policy interface. As Group Policy
and MMC-style interfaces are common knowledge for AD
administrators, there is no proprietary interface to learn or
appliance to buy to effectively manage endpoints centrally.
The simple presence of the DeviceLock MMC snap-in
console on a Group Policy administrators computer allows
for direct integration into the Group Policy Management
Console (GPMC) or the Active Directory Users &
Computers (ADUC) console with absolutely zero scripts,
ADO templates, or schema changes. Security administrators
can dynamically manage endpoint data leakage prevention
and audit settings right along with other Group Policyautomated tasks. In addition to the MMC snap-in console
for Group Policy, DeviceLock also has classic Windows-style
administrative consoles that can centrally manage agents on
any AD, Novell, LDAP, or workgroup network of Windows
computers. XML-based policy templates can be shared across
all DeviceLock consoles.
RSoP Support. The Windows standard Resultant Set ofPolicy snap-in can be used to identify which DeviceLock
group policy is currently being applied and to predict which
policy would be applied in a given Organizational Unit (OU)
membership scenario.
Device Whitelisting.Among the five layers of Windowsdevice control supported by DeviceLock, the USB
device model and device ID levels are handled using a
whitelist approach, whereby the DeviceLock administrator
can explicitly assign users/groups to a USB device.
Administrators can whitelist a specific corporate-issued
model of USB drive, for example, and DeviceLock willallow only designated users to have access with these, while
blocking all other unlisted devices and unlisted users by
default. Administrators can even whitelist a single, unique
device, while locking out all other devices of the same
brand and model, as long as the device manufacturer has
implemented a standard unique identifier. There is also
a powerful Temporary Whitelist applet that users can
run to securely request short-term use of a USB mounted
device from a DeviceLock administrator, even while off
the network. Meanwhile, the rest of the original security
policy remains intact and enforced during this authorized
'exception device' usage period.
Network Communications Control.An optionalcomponent of the DeviceLock Endpoint DLP Suite, the
NetworkLock module adds comprehensive contextual
control over endpoint network communications.
NetworkLock supports port-independent network protocol
and application detection with selective blocking, message
and session reconstruction with file, data, and parameter
extraction, as well as event logging and data shadowing.
NetworkLock controls heavily trafficked network protocols
and applications. These include plain and SSL-tunneled
SMTP email communications with messages and
attachments handled separately. NetworkLock also controlsweb access and other HTTP-based applications with the
ability to extract the content from encrypted HTTPS
sessions. See the Product Specifications section for a list
of all webmail and social media applications controlled by
NetworkLock.
u
DeviceLock Endpoint DLP Suite delivers essential content filtering capabilities and reliable control over network communications
on top of DeviceLocks best-in-industry context-based controls, whereby access to local ports and peripheral devices on corporate
endpoint computers is under a DeviceLock administrators centralized control.
DeviceLock Features and Benefits
With NetworkLock you can set user permissions for the network communications used for web mail, SMTP mail,social networking applications, instant messaging, file transfers, telnet sessions and more.
DeviceLock
-
7/31/2019 Device Lock
5/8
True File Type Control.Administrators can selectively
grant or deny access to over 4,000 specific file types for
removable media. When a file type policy is configured,
DeviceLock will look into a files binary content to
determine its true type (regardless of file name and
extension) and enforce control and shadowing actions per
the applied policy. For flexibility, Content-Aware Rules for
file types can be defined on a per-user or per-group basis
at the device type layer. True file type rules can also apply
to pre-filtering of shadow copies to reduce the volume of
captured data.
Clipboard Control. DeviceLock enables security
administrators to effectively block data leaks at their veryembryonic stagewhen users deliberately or accidentally
transfer unauthorized data between different applications
and documents on their computer through clipboard
mechanisms available in Windows operating systems. Copy
and Paste operations can be selectively filtered for data
exchanges between different applications (e.g. from Word
to Excel or OpenOffice). At the context level, DeviceLock
supports the ability to selectively control user access to
data objects of various types copied into the clipboard
including files, textual data, images, audio fragments (like
recordings captured by Windows Sound Recorder), and data
of unidentified types. Screenshot operations, including theWindows PrintScreen function and similar features of third-
party applications, can be blocked or mitigated for specific
users/groups and at specific computers.
Mobile Device Local Sync Control.Administrators can
use DeviceLock's patented local sync technology to set
granular access control, auditing, and shadowing rules for
mobile devices that use the Microsoft Windows Mobile,
Apple iPhone/iPad/iPod touch or Palm operating
systems' local data synchronization. Permissions are presented
with fine granularity and define which types of data (files,
pictures, emails, contacts, calendars, etc.) specified users
and/or groups are allowed to synchronize between managed
PCs and their personal mobile devices regardless of the
connection interface. BlackBerry smartphones are also
supported with device presence detection, access control and
event logging.
Printing Security. DeviceLock puts local and networkprinting under the strict control of corporate security
administration. By intercepting Print Spooler operations,
DeviceLock enables administrators to centrally control user
access to local, network, and even virtual printers from
DeviceLock-managed PCs. In addition, for USB-connected
printers, specified printer vendor models and/or unique
printer device IDs can be allowed for designated users
and groups. Printing events can be logged and the actual
print job data can be shadow-copied, collected, and stored
centrally for audit and post-analysis.
Content Filtering. Extending DeviceLock andNetworkLock capabilities beyond context-based security
mechanisms, the ContentLock module can filter the
content of files copied to removable drives and other Plug-
n-Play storage devices, as well as various data objects from
within network communications. These include email, webaccess and other HTTP-based applications like webmail
and social networking, many popular instant messaging
applications, FTP file transfers, and telnet sessions. The text
analysis engine can extract textual data from more than 80
file formats and other data types and then apply effective
and reliable content filtering methods based on Regular
Expression (RegExp) patterns with numerical conditions and
Boolean combinations of matching criteria. To ease the task
of specifying content-aware rules, pre-built industry-specifickeyword lists can be used as filter criteria, as well as common
RegExp data pattern templates for sensitive information
types like social security numbers, credit cards, addresses, etc.
u The configuration screens here show high-level samples of content-aware rules perspecific device (above) and per specific network protocol (below). ContentLock'stemplate-driven interface eases definition of content-aware filtering policies.
-
7/31/2019 Device Lock
6/8
Removable Media Encryption Integration.DeviceLock takes an open integration approach to enforced
use of encryption for removable media. It recognizes vendor-
specific encryption on media when encountered, and itblocks, allows or mitigates access to the device according
to predefined encryption policies. Customers have the
option of using the encryption solution that best fits their
security scenarios among best-of-breed technologies that
include: Windows 7 BitLocker To Go, PGP Whole
Disk Encryption; TrueCrypt; SafeDisk, SecurStar
DriveCrypt Plus Pack Enterprise (DCPPE); and Lexar
Medias S1100/S3000 series USB flash drives. DeviceLock
allows for discrete access rules for both encrypted and
unencrypted partitions of removable media that use any ofthe integrated encryption solutions mentioned above. With
its partnering approach, DeviceLock is positioned to quickly
add support for more encryption vendors as the market
demands. In addition, any pre-encrypted USB media can be
selectively whitelisted with usage strictly enforced.
DeviceLock MMC snap-in to Group Policy Management: DeviceLock administrators havefull central control over access, audit, shadow, and content rules covering potential localdata leakage channels across the entire Active Directory domain forest.
u
Network-Awareness. Administrators can define differentonline vs. offline security policies for the same user account
and computer. A useful setting on a mobile user's laptop, for
example, is to disable Wi-Fi when docked to the corporate
network to avoid network bridging data leaks and then to
enable Wi-Fi when undocked.
Anti-Keylogger. DeviceLock detects USB keyloggers togenerate alerts or even block keyboards connected to them.
This feature allows administrators to securely allow all single-
function USB mice and keyboards by their generic device
class. DeviceLock also obfuscates PS/2 keyboard input and
forces PS/2 keyloggers to record unintelligible text instead of
real keystrokes.
Tamper Protection. Configurable 'DeviceLockAdministrators' feature prevents anyone from tampering
with settings locally, even users that have local PC system
administration privileges. With this feature activated,only designated security administrators working from a
DeviceLock console or Group Policy Object (GPO) Editor
can install/uninstall the program or edit DeviceLock
policies.
DeviceLock
-
7/31/2019 Device Lock
7/8
DeviceLock Observation ModeDeviceLock is often used at first to collect an audit record of the data objects that end users are moving to removable media,
DVD/CD-ROMs, PDAs, through Wi-Fi, and via web email, web forms etc. DeviceLock audit/shadow records are useful in
determining the current level of non-compliance exposure and can be used to provide a non-repudiable audit trail for compliance
officials. When a leak is discovered or even suspected, DeviceLock provides tools to capture and forensically view objects and
associated logs for use as evidence or for corrective policy action.
Audit Logging. DeviceLocks auditing capability tracksuser and file activity for specified device types and ports on
a local computer. It can prefilter auditable events by user/
group, by day/hour, by true file type, by port/device type,
by reads/ writes, and by success/failure events. DeviceLock
employs the standard event logging subsystem and writes
audit records to a Windows Event Viewer log with GMT
timestamps. Within DeviceLocks column-based viewers,
logs can be sorted by column data and filtered on any string-
based criteria with wildcard operators to achieve a desired
view of the captured audit data. Logs can also be exported to
many standard file formats for import into other reporting
and log management solutions.
Data Shadowing. DeviceLocks data shadowing functioncan be set up to mirror all data copied to external storage
devices, printed or transferred through serial, parallel, and
network ports (with NetworkLock add-on). DeviceLock
can also split ISO images produced by CD/DVD burnersinto the original separated files upon auto-collection by
the DeviceLock Enterprise Server (DLES). A full copy of
the files can be saved into the SQL database or to a secure
share managed by the DLES. Shadow data can be prefiltered
by user/group, day/hour, file type, and content to narrow
down what is copied and then collected. DeviceLocks audit
and shadowing features are designed for efficient use of
transmission and storage resources with stream compression,
traffic shaping for quality of service (QoS), local quota
settings, and optimal DLES server auto-selection.
Agent Monitoring. DeviceLock Enterprise Servercan monitor remote computers in real-time by checking
DeviceLock agent status (running or not), version, policy
consistency and integrity. The detailed information is
written to the Monitoring log. Should this process uncover
that some DeviceLock agents are older versions or are
inconsistent with the current security policy template,
DeviceLock can then be used to remotely update those
agents to the current version and settings that will keep the
local endpoint policy in compliance.
Report Plug-n-Play Devices. The PnP Report allowsadministrators and auditors to generate a report displaying
the USB, FireWire, and PCMCIA devices currently and
historically connected to selected computers in the network.
This report also allows for efficient population of the USB
whitelist as a first step to adding select device models or
unique devices to DeviceLock access policies.
Graphical Reporting. DeviceLock can generate graphicalcanned reports in HTML, PDF or RTF format based
on analysis of DLES-collected audit log and shadow file
data. These reports can be auto-emailed to a data security
management list or compliance officers when generated.
Data Search. The optional and separately licensed
DeviceLock Search Server (DLSS) module enhances theforensic abilities of DeviceLock by indexing and allowing
comprehensive full-text searches of centrally collected
DeviceLock audit log and shadow file data. The DLSS aids
in the labor-intensive processes of information security
compliance auditing, incident investigations, and forensic
analysis by making fact-finding faster, more precise, and
more convenient. It supports indexing and searching in
more than 80 file formats. Language independent word,
phrase, and number queries take only seconds to execute
once the data has been indexed. Stemming and noise-word
filtering are turned on by default for words and phrases
in English, French, German, Italian, Japanese, Russian,and Spanish. DLSS uses all words logic (AND logic),
with some special character wildcards available to refine or
expand searches. Results are sorted by hit count by default,
though term weighting or field weighting for particular
words are available options. The DLSS also supports full-text
indexing and searching of printouts in PCL and PostScript
languages to audit virtually all document printing.
We found DeviceLock to be the most cost-effective solution for endpoint device
management after months of product evaluation. It has proven itself to be one of
the biggest bangs for the buck in our arsenal of information security controls.
David Gardner, Data Security Specialist, University of Alabama at Birmingham Health System
We found DeviceLock to be the most cost-effective solution for endpoint device
management after months of product evaluation. It has proven itself to be one ofthe biggest bangs for the buck in our arsenal of information security controls.
David Gardner, Data Security Specialist, University of Alabama at Birmingham Health System
-
7/31/2019 Device Lock
8/8
Product SpecificationsInfrastructure (Installable) Componentsu DeviceLock agentu DeviceLock Enterprise Server (DLES)u Consoles: DeviceLock Group Policy Manager (DLGPM)
DeviceLock Management Console (DLMC)DeviceLock Enterprise Manager (DLEM)
Licensed Modulesu DeviceLock (core required)u NetworkLocku ContentLocku DeviceLock Search Server (DLSS)
Ports Securedu USB, FireWire, Infrared, Serial, Parallel
Device Types Controlled (Partial List)u Floppies, CD-ROMs/DVDs, any removable storage (f lash
drives, memory cards, PC cards, etc.), Hard drives, Tape/Optical devices, WiFi adapters, Bluetooth adapters,Windows Mobile, Palm OS, Apple iPhone/iPod touch/
iPad and BlackBerry Devices, Printers (local, network andvirtual), Modems, Scanners, Cameras.
Clipboard Controlu Inter-application clipboard copy/paste operationsu Data types independently controlled: file types, textual data,
images, audio, unidentified datau Screenshot operations (PrintScreen and 3rd-party
applications)
Data Types Controlledu More than 4,000 file typesu Data synchronization protocol objects: Microsoft
ActiveSync, Palm HotSync, iTunesu Pictures containing text as image
Network Communications Controlledu Web Mail (including mobile versions): Gmail, Yahoo!Mail,
Windows Live Mail , AOL Mail, Mail.Ru, Yandex.Mail,WEB.DE, GMX.de
u Social Networking (including mobile versions): Google+,Facebook, Twitter, LiveJournal, LinkedIn, MySpace,Odnoklassniki, Vkontakte , XING.com, Studivz.de,Meinvz.de, Schuelervz.net
u Instant Messengers: ICQ/AOL, MSN Messenger, Jabber,IRC, Yahoo! Messenger, Mail.ru Agent
u Internet Protocols: HTTP/HTTP over SSL, SMTP/SMTP
over SSL, FTP/FTP over SSL, Telnet
Content Filtering Technologiesu Industry-specific and custom keyword filter templatesu Advanced Regular Expression (RegExp) patterns with
numerical conditions and Boolean combination of matchingcriteria
u Pre-built RegExp templates (SSN, credit card, bank account,address, passport, drivers license, etc.)
Content Filtering Channelsu Removable media and other Plug-n-Play storage devicesu Network communications
File Formats Parsedu 80+ file formats including Microsoft Office, OpenOffice,
Lotus 1-2-3, Email repositories and archives, CSV, DBF,
XML, Unicode, GZIP, WinRAR, ZIP, etc.
Content-Aware Data Shadowingu Removable media and other Plug-n-Play storage devices,
network communications, local syncronizations, clipboardoperations
u All parsed file formats and data types
Full-Text Searchingu All parsed file formats and data typesu PCL and Postscript printoutsu Indexing and search based on: log record parameters, word,
phrase, numberu Search logic: all words (AND), default hit count
weighting, configurable term and field weightingu Stemming and noise-word filtering for English, French,
German, Italian, Japanese, Russian & Spanish
Encryption Integrationu Windows 7 BitLocker To Gou PGP Whole Disk Encryptionu TrueCryptu SecurStar DriveCrypt (DCPPE)u SafeDisku Lexar Media SAFE S1100 & S3000 Series
Approved Encrypted Devicesu
IronKey: D20XXX, S-200 & D200 Series Enterprise,Personal & Basic Modelsu Systematic Development Group: LOK-ITu BlockMaster: SafeSticksu Lexar Media: SAFE S1100 & S3000 Seriesu SanDisk: Cruzer Enterprise Series
Component Dependenciesu ContentLock, NetworkLock and DLSS require core
DeviceLock moduleu ContentLock requires NetworkLock for content filtering of
network communications
System Requirements
u DeviceLock agent: Windows NT 4.0/2000/XP/Vista/7 orServer 2003/2008 (32-bit/64-bit versions); CPU Pentium 4,64MB RAM, HDD 25MB
u DeviceLock consoles: Windows NT 4.0/2000/XP/Vista/7or Server 2003/2008 (32-bit /64-bit versions); CPU Pentium 4,2GB RAM, HDD 800GB
u DeviceLock Enterprise Server: Windows Server 2003 R2;2xCPU Intel Xeon Quad-Core 2.33GHz, RAM 8GB, HDD800GB; MSEE/MSDE or MS SQL Server
DeviceLock
UNITED STATES
2440 Camino Ramon, Ste. 130
San Ramon, CA 94583, USA
email: [email protected]
Toll Free: +1 866 668 5625
Phone: +1 925 231 4400
Fax: +1 925 886 2629
Copyright DeviceLock, Inc.
All Rights Reserved.
Copyright DeviceLock, Inc.
All Rights Reserved.
UNITED KINGDOM
The 401 Centre, 302 Regent Street
London, W1B 3HH, UK
Toll Free: +44 (0) 800 047 0969
Fax: +44 (0) 207 691 7978
ITALY
Via Falcone 7
20123 Milan, Italy
Phone: +39 02 86391432
Fax: +39 02 86391407
GERMANY
Halskestr. 21
40880 Ratingen, Germany
Phone: +49 2102 89211-0
Fax: +49 2102 89211-29
DeviceLock
Proact ive Endpoin t Secur i ty
UNITED STATES
2440 Camino Ramon, Ste. 130
San Ramon, CA 94583, USA
email: [email protected]
Toll Free: +1 866 668 5625
Phone: +1 925 231 4400
Fax: +1 925 886 2629
UNITED KINGDOM
The 401 Centre, 302 Regent Street
London, W1B 3HH, UK
Toll Free: +44 (0) 800 047 0969
Fax: +44 (0) 207 691 7978
ITALY
Via Falcone 7
20123 Milan, Italy
Phone: +39 02 86391432
Fax: +39 02 86391407
GERMANY
Halskestr. 21
40880 Ratingen, Germany
Phone: +49 2102 89211-0
Fax: +49 2102 89211-29
[ ]For more information: www.devicelock.com